Submissions

No Date Request Urls Hosts IDS Rule Score Zero VT Player Etc
1 2024-02-15 08:08 resources.dll  

5d8d5a9c46e621f31d129bcd671c8c8a


Emotet Gen1 Generic Malware Malicious Library UPX Antivirus PE32 PE File DLL OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware PDB suspicious privilege MachineGuid Check memory Checks debugger buffers extracted WMI Creates shortcut unpack itself Collect installed applications suspicious process AntiVM_Disk sandbox evasion WriteConsoleW anti-virtualization VM Disk Size Check installed browsers check Windows Browser Email ComputerName Remote Code Execution DNS Cryptographic key Software
4 15.6 M 12 ZeroCERT

2 2024-02-15 08:06 resources.dll  

6c072be39ed9066026637c0b74e74047


Emotet Gen1 Generic Malware Malicious Library UPX Antivirus PE32 PE File DLL OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware PDB suspicious privilege MachineGuid Check memory Checks debugger buffers extracted WMI Creates shortcut unpack itself Collect installed applications suspicious process AntiVM_Disk sandbox evasion WriteConsoleW anti-virtualization VM Disk Size Check installed browsers check Interception Windows Browser Email ComputerName Remote Code Execution DNS Cryptographic key Software
3 15.4 M 6 ZeroCERT

3 2024-02-15 08:05 resources.dll  

e758e07113016aca55d9eda2b0ffeebe


Emotet Gen1 Generic Malware Malicious Library UPX Antivirus PE32 PE File DLL OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware powershell PDB suspicious privilege MachineGuid Check memory Checks debugger buffers extracted WMI Creates shortcut unpack itself Collect installed applications powershell.exe wrote suspicious process AntiVM_Disk sandbox evasion WriteConsoleW anti-virtualization VM Disk Size Check installed browsers check Windows Browser Email ComputerName Remote Code Execution DNS Cryptographic key Software
3 15.4 M 8 ZeroCERT

4 2024-01-12 08:00 dwm2.exe  

cdb5da91ed9624691148563d0c234e06


Malicious Library Antivirus UPX PE32 PE File OS Processor Check VirusTotal Malware PDB
2.2 42 ZeroCERT

5 2022-10-03 09:37 UCUNO7W9hMYe  

925bd0fe97f5dfd06ba90e824edcc312


UPX ASPack PE32 PE File Browser Info Stealer VirusTotal Malware AutoRuns Malicious Traffic Check memory Interception Windows Browser Remote Code Execution DNS
2 3 5.4 M 20 ZeroCERT

6 2022-03-25 10:19 듐乖섬.exe  

156b4f5c31201bc945b2b3ceb95e0c5a


VMProtect Malicious Library PE File PE32 VirusTotal Malware unpack itself Detects VMWare VMware crashed
3.2 18 ZeroCERT

7 2022-03-10 14:48 lilay.exe  

569af9ea74e24bcf9ea8895c54748a04


Emotet Gen2 UPX ASPack Malicious Library Http API ScreenShot AntiDebug AntiVM PE File PE32 OS Processor Check PE64 Browser Info Stealer VirusTotal Malware Code Injection Malicious Traffic Check memory Creates executable files unpack itself Check virtual network interfaces AppData folder malicious URLs AntiVM_Disk sandbox evasion IP Check VM Disk Size Check Tofsee Interception Windows Browser Remote Code Execution DNS
6 11 7 2 11.8 M 45 ZeroCERT

8 2021-11-23 09:45 robert.png  

65a43f945729062784e3ca1edb043a20


UPX PE File OS Processor Check PE32 Remote Code Execution
0.8 ZeroCERT

9 2021-11-23 07:56 robert.png  

65a43f945729062784e3ca1edb043a20


UPX PE File OS Processor Check PE32 Remote Code Execution
0.8 ZeroCERT

10 2021-11-19 11:29 supremecode.ttfgh  

6415be25e090305e57cc0777d65effab


UPX PE File OS Processor Check PE32 VirusTotal Malware Remote Code Execution
1.6 23 ZeroCERT

11 2021-11-19 08:01 bird.png  

31123eebb209289d005e3e07b272cd7f


UPX PE File OS Processor Check PE32 Remote Code Execution
0.8 ZeroCERT

12 2021-11-19 07:38 bird.png  

e94a7d335b6c55a000bd6f4fa16e31e9


UPX PE File OS Processor Check PE32 Remote Code Execution
0.8 ZeroCERT

13 2021-11-19 07:38 bird.png  

31123eebb209289d005e3e07b272cd7f


UPX PE File OS Processor Check PE32 Remote Code Execution
0.8 ZeroCERT

14 2021-11-18 13:52 bird.png  

b56472432fa955761c7b65e7dee8ef60


UPX PE File OS Processor Check PE32 Remote Code Execution
0.8 ZeroCERT

15 2021-11-16 13:41 bird.png  

0229f8f8d584db985b35dd57661f94bd


Gen2 UPX PE File OS Processor Check PE32 Remote Code Execution
0.6 guest

  • Total : 20cnts